Microsoft, Tinfoil Provide Azure Web App Vulnerability Scanning

Betting that a little healthy paranoia is a good thing, Microsoft partners with Tinfoil Security to keep hackers away from Azure-backed Web applications.

Microsoft has partnered with Tinfoil Security, a DevOps security specialist, to help developers secure their Azure-backed Web applications with a new vulnerability scanning option.
"For Azure Web Apps, Tinfoil Security is the only security vulnerability scanning option built into the Azure App Service management experience," said Nazim Lala, a Microsoft Azure Websites software engineer, in a June 3 announcement. "This will enable you to scan your Azure Web Apps and help secure your web app as you develop it."
Corporate networks and user PCs aren't the only avenues hackers are exploring in their quest for valuable data. Citing statistics from the Web Application Security Consortium, Lala noted that 13 percent of sites evaluated by the group can be compromised using automated methods while 49 percent contained high-risk vulnerabilities.
Tinfoil's own data shows "that 75 percent of web apps they scan have a vulnerability on the first scan," said Lala. Taken altogether, those findings paint a bleak picture of security for Web-facing organizations.

"As web applications become the cornerstone of more and more businesses, they also become a potential source of threats to the IT security of a company," said Lala. To nip potential problems in the bud, the company is making it easier for Azure App Service customers to deliver secure apps from the start.

Azure App Services, launched in March and comprising Azure Websites, Azure Mobile Services and Azure BizTalk Services, is meant to speed the development of Web and mobile apps. Now, organizations can cloak their development efforts with an extra layer of security. "Tinfoil Security scanning through Azure App Service offers developers and administrators a fast, integrated and economical means to discovering and addressing these issues before they can be abused by a malicious actor," Lala stated.
The new Tinfoil Security option appears in the Azure Management Portal after selecting a Web app. The user is then presented with pricing plans that vary in the scans conducted per month, the maximum number of scanned URLs and duration of a scan. After purchasing a plan, "you will see a link to the management dashboard on the Tinfoil Security blade," he explained. "Browsing to this site will take you to the Tinfoil management dashboard."
The latest version of the dashboard is automatically installed. After the process is completed, users can begin or schedule a scan and later review the findings in the Results tab.
Plugging security holes in Web applications has become a big priority for businesses whose customers are more likely to engage with them over a smartphone or tablet browser than in-person or over the phone. And there's no shortage of companies that are lining up to help.
Last month, security vendor Rapid7 announced it had acquired NT OBJECTives (NTO), maker of the NTO Spider application security scanner, for an undisclosed amount. In 2013, anti-malware provider Trend Micro launched its Web App Security vulnerability detection and protection product, which includes unlimited Secure Sockets Layer (SSL) certificates.